Re: SSH and restricting to a chroot jail
From: Kasper Dupont (kasperd@daimi.au.dk)
Date: 03/25/02
From: Kasper Dupont <kasperd@daimi.au.dk> Date: Mon, 25 Mar 2002 14:14:33 +0100
Philip McD wrote:
>
> > 3) Use a userid for that single purpose, and perhaps
> > limit the network access for that user by special
> > firewall rules.
>
> This is the bit I'm having difficulty with - do you mean I create a user
> called say ssh_jail that has permission to run chroot? I'm still not sure
> *how* I make the chroot happen every time someone ssh's - but I think the
> patch supplied by Nico does this.
No, I would suggest you write a program that will do the
following:
1) chroot to the desired directory.
2) chdir to the home directory within the chroot jail.
3) set all user and group id's to the desired user.
4) execute a shell or something else.
This program when compiled should be installed outside
the jail and be used as the users default shell. This
means that either the mentioned program should be suid
root, or the entry in /etc/passwd should have the UID
listed as 0. Of course only your own little program
should be run with UID 0, and it should change it to something
else as soon as possible. This program obviously must
be reviewed very carefully.
--
Kasper Dupont -- who spends too much time on usenet.
For sending spam use mailto:razor-report@daimi.au.dk
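
The four steps listed in the message above, as an added C example that is not part of the original post. It assumes the setuid-root variant (so the real UID identifies the logged-in user); the jail path, home directory and shell path are placeholder values.

```c
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define JAIL          "/srv/ssh_jail"  /* assumed jail root */
#define JAIL_HOME     "/home"          /* assumed home directory, as seen inside the jail */
#define SHELL_IN_JAIL "/bin/sh"        /* assumed; must exist inside the jail */

/* Steps 1-3. Returns 0 on success, or the negated number of the step that
 * failed (-3 also covers a refused target id). Needs effective UID 0. */
int enter_jail(const char *jail, const char *home, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)              /* never "drop" to root */
        return -3;
    if (chroot(jail) != 0)                 /* 1) chroot */
        return -1;
    if (chdir(home) != 0)                  /* 2) chdir, so the cwd is inside the jail */
        return -2;
    /* 3) groups first: after setuid() the process may no longer change them */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -3;
    if (setuid(0) == 0 || setgid(0) == 0)  /* regaining root must fail */
        return -3;
    return 0;
}

int main(void)
{
    /* Look the user up before chroot(): /etc/passwd is outside the jail. */
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL)
        return 1;
    int rc = enter_jail(JAIL, JAIL_HOME, pw->pw_uid, pw->pw_gid);
    if (rc != 0) {
        fprintf(stderr, "jail setup failed at step %d\n", -rc);
        return 1;
    }
    /* 4) exec the shell with a fixed environment, not the caller's. */
    char *const argv[] = { "-sh", NULL };
    char *const envp[] = { "PATH=/bin:/usr/bin", "HOME=" JAIL_HOME, NULL };
    execve(SHELL_IN_JAIL, argv, envp);
    return 1;                              /* reached only if execve() failed */
}
```

Every return value is checked because a failed setuid() or chroot() that goes unnoticed leaves the shell running as root or outside the jail.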